Forum Discussion

Altostratus

Jan 24, 2019

ASM Brute Force login mitigation with Captcha

I have a question regarding the ASM brute force login mitigation feature using captchas. Based on the failed logins setting the user gets challenged with a captcha. After solving the capture succesfu...

ASM Advanced WAF

security

Findus

Altostratus

Apr 16, 2019

Just to let you know - the above described login sequence with captcha challenges works as designed. I clarified this via a support ticket.

Final answer from support:

"The Engineering Services team confirmed this is the expected behaviour. Only when the customer key in the correct captcha response when login was successful (meaning the right set of credentials before the challenge) would he not be challenged again in subsequent login requests."

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

ASM Brute Force login mitigation with Captcha

F5 Academy at AppWorld 2026

Introducing the F5 AI Assistant for BIG-IP

Recent Discussions

iRule causing requests to be duplicated (sometimes)

SSL Bridging and FQDN rewrite Policy

How can I get started with iCall

Checking for X-Forwarded-For against an Address Data-Group

After upgrading from PeopleTools 8.59.11 to 8.61.11 F5 APM is not rewriting the internal URLs

Related Content

HTTP Brute Force Mitigation Playbook: Bot Profile for Brute Force Mitigations - Chapter 5

HTTP Brute Force Mitigation Playbook: BIG-IP LTM Mitigation Options for HTTP Brute Force Attacks - Chapter 3

HTTP Brute Force Mitigation Playbook: Overview - Chapter 1

HTTP Brute Force Mitigation Playbook: Appendix

HTTP Brute Force Mitigation Playbook: Slow Brute Force Protection Using Behavioural DOS - Chapter 6

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS